module wireguard_firewall-cmd 1.0;

require {
	type cert_t;
	type firewalld_t;
	type wireguard_t;
	class dir { getattr open read search };
	class file { getattr open read };
	class dbus send_msg;
}

#============= firewalld_t ==============
allow firewalld_t wireguard_t:dbus send_msg;

#============= wireguard_t ==============
allow wireguard_t cert_t:dir { getattr open read search };
allow wireguard_t cert_t:file { getattr open read };
allow wireguard_t firewalld_t:dbus send_msg;